<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="Content-Language" content="zh-CN"><title>nss-mymachines
  Chinese Manual [金步国]</title><style>
@font-face { font-family: "JinBuGuoWebMono"; src: url("http://www.jinbuguo.com/d/mono.ttf") format("truetype"); }
* { font-family: "JinBuGuoWebMono", "Ubuntu Mono", "Consolas", "Menlo", monospace; }
body { margin:10px; }
h1 { text-align:center; background:#ddd; }
h2#auth_name { text-align:center; margin: 10px 5%; }

    a.headerlink {
      color: #c60f0f;
      font-size: 0.8em;
      padding: 0 4px 0 4px;
      text-decoration: none;
      visibility: hidden;
    }

    a.headerlink:hover {
      background-color: #c60f0f;
      color: white;
    }

    h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
      visibility: visible;
    }
</style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><h1>nss-mymachines Chinese Manual</h1><h2 id="auth_name">Translator: <strong><a href="http://www.jinbuguo.com/">金步国</a></strong></h2><hr><h3>Copyright Notice</h3><p>The translator of this document is a firm supporter of open-source ideals, so although this document is not software, it is released in the spirit of open source.</p><ul><li>No warranty: the translator does not guarantee that the translation is accurate and accepts no liability for any loss resulting from use of this document.</li><li>Free use: anyone may freely <u>read/link to/print</u> this document, with no additional conditions.</li><li>Attribution: anyone may freely <u>republish/quote/adapt</u> this document, but must keep the translator's name and cite the source.</li></ul><hr><a href="systemd.index.html">Manual index</a> ·
  <a href="systemd.directives.html">Directive index</a><span style="float:right">systemd-241</span><hr><div class="refentry"><a name="nss-mymachines"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>nss-mymachines, libnss_mymachines.so.2 — provides
    name resolution for local containers</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">libnss_mymachines.so.2</code></p></div><div class="refsect1"><a name="id-1.5"></a><h2 id="描述">Description<a class="headerlink" title="Permalink to this headline" href="nss-mymachines.html#%E6%8F%8F%E8%BF%B0">¶</a></h2><p><span class="command"><strong>nss-mymachines</strong></span>
    is an NSS (Name Service Switch) plug-in for <span class="command"><strong>glibc</strong></span> (the GNU C Library)
    that resolves the names of local containers.
    The <a href="systemd-machined.service.html#"><span class="citerefentry"><span class="refentrytitle">systemd-machined.service</span>(8)</span></a>
    service maps the names of these local containers to their IP addresses, ordered by scope.
    This only works for containers that use a network namespace (see the description of
    <code class="option">--private-network</code> in the
    <a href="systemd-nspawn.html#"><span class="citerefentry"><span class="refentrytitle">systemd-nspawn</span>(1)</span></a> manual).
    Note that the resolved name is the one registered with <span class="command"><strong>systemd-machined</strong></span>,
    which may differ from the hostname configured inside the container.</p><p>The plug-in also resolves the names of users and groups mapped into containers.
    All user and group names assigned to the container <em class="replaceable"><code>container</code></em> appear on the host as
    "<code class="literal">vu-<em class="replaceable"><code>container</code></em>-<em class="replaceable"><code>uid</code></em></code>" and
    "<code class="literal">vg-<em class="replaceable"><code>container</code></em>-<em class="replaceable"><code>gid</code></em></code>" (see the example below).
    This only works for containers that use a user namespace; see the
    <code class="option">--private-users</code> option in the
    <a href="systemd-nspawn.html#"><span class="citerefentry"><span class="refentrytitle">systemd-nspawn</span>(1)</span></a> manual.</p><p>To activate this NSS module, add "<code class="literal">mymachines</code>"
     to the lines in <code class="filename">/etc/nsswitch.conf</code> that start with
    "<code class="literal">hosts:</code>", "<code class="literal">passwd:</code>" and "<code class="literal">group:</code>".</p><p>It is recommended to place "<code class="literal">mymachines</code>" in <code class="filename">/etc/nsswitch.conf</code>
    immediately after the "<code class="literal">files</code>" or "<code class="literal">compat</code>" entry, so that during resolution the local mapping files
    <code class="filename">/etc/hosts</code>, <code class="filename">/etc/passwd</code> and <code class="filename">/etc/group</code> still take top priority,
    while other resolvers (such as DNS) serve as fallbacks.</p></div><div class="refsect1"><a name="id-1.6"></a><h2 id="配置 /etc/nsswitch.conf 文件">Configuring <code class="filename">/etc/nsswitch.conf</code><a class="headerlink" title="Permalink to this headline" href="nss-mymachines.html#%E9%85%8D%E7%BD%AE%20/etc/nsswitch.conf%20%E6%96%87%E4%BB%B6">¶</a></h2><p>The following <code class="filename">/etc/nsswitch.conf</code> is an example that correctly enables the
    <span class="command"><strong>nss-mymachines</strong></span> plug-in:</p><pre class="programlisting">passwd:         compat <span class="command"><strong>mymachines</strong></span> systemd
group:          compat <span class="command"><strong>mymachines</strong></span> systemd
shadow:         compat

hosts:          files <span class="command"><strong>mymachines</strong></span> resolve [!UNAVAIL=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis</pre></div><div class="refsect1"><a name="id-1.7"></a><h2 id="nss-mymachines 提供的映射">Mappings provided by <code class="filename">nss-mymachines</code><a class="headerlink" title="Permalink to this headline" href="nss-mymachines.html#nss-mymachines%20%E6%8F%90%E4%BE%9B%E7%9A%84%E6%98%A0%E5%B0%84">¶</a></h2><p>Run the "<code class="literal">rawhide</code>" container with
    <a href="systemd-nspawn.html#"><span class="citerefentry"><span class="refentrytitle">systemd-nspawn</span>(1)</span></a>:
    </p><pre class="programlisting"># systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
Spawning container rawhide on /var/lib/machines/rawhide.
Selected user namespace base 20119552 and range 65536.
...

$ machinectl --max-addresses=3
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9

$ getent passwd vu-rawhide-0 vu-rawhide-81
vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/sbin/nologin
vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/sbin/nologin

$ getent group vg-rawhide-0 vg-rawhide-81
vg-rawhide-0:*:20119552:
vg-rawhide-81:*:20119633:

$ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
vu-rawhide-0      692 ?        /usr/lib/systemd/systemd
vu-rawhide-0      731 ?        /usr/lib/systemd/systemd-journald
vu-rawhide-192    734 ?        /usr/lib/systemd/systemd-networkd
vu-rawhide-193    738 ?        /usr/lib/systemd/systemd-resolved
vu-rawhide-0      742 ?        /usr/lib/systemd/systemd-logind
vu-rawhide-81     744 ?        /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
vu-rawhide-0      746 ?        /usr/sbin/sshd -D ...
vu-rawhide-0      752 ?        /usr/lib/systemd/systemd --user
vu-rawhide-0      753 ?        (sd-pam)
vu-rawhide-0     1628 ?        login -- zbyszek
vu-rawhide-1000  1630 ?        /usr/lib/systemd/systemd --user
vu-rawhide-1000  1631 ?        (sd-pam)
vu-rawhide-1000  1637 pts/8    -zsh

$ ping -c1 rawhide
PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
...
$ ping -c1 -4 rawhide
PING rawhide (169.254.40.164) 56(84) bytes of data.
64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
...

# machinectl shell rawhide /sbin/ip a
Connected to machine rawhide. Press ^] three times within 1s to exit session.
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    ...
2: host0@if21: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
       valid_lft forever preferred_lft forever
    inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
       valid_lft forever preferred_lft forever
Connection to machine rawhide terminated.
</pre></div><div class="refsect1"><a name="id-1.8"></a><h2 id="参见">See Also<a class="headerlink" title="Permalink to this headline" href="nss-mymachines.html#%E5%8F%82%E8%A7%81">¶</a></h2><p>
      <a href="systemd.html#"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
      <a href="systemd-machined.service.html#"><span class="citerefentry"><span class="refentrytitle">systemd-machined.service</span>(8)</span></a>,
      <a href="machinectl.html#"><span class="citerefentry"><span class="refentrytitle">machinectl</span>(1)</span></a>,
      <a href="nss-systemd.html#"><span class="citerefentry"><span class="refentrytitle">nss-systemd</span>(8)</span></a>,
      <a href="nss-resolve.html#"><span class="citerefentry"><span class="refentrytitle">nss-resolve</span>(8)</span></a>,
      <a href="nss-myhostname.html#"><span class="citerefentry"><span class="refentrytitle">nss-myhostname</span>(8)</span></a>,
      <a href="http://man7.org/linux/man-pages/man5/nsswitch.conf.5.html"><span class="citerefentry"><span class="refentrytitle">nsswitch.conf</span>(5)</span></a>,
      <a href="http://man7.org/linux/man-pages/man1/getent.1.html"><span class="citerefentry"><span class="refentrytitle">getent</span>(1)</span></a>
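</p><p>Added example (not part of the original manual or of systemd): a Python check that an nsswitch.conf follows the placement recommended in the Description section, with "mymachines" enabled for hosts, passwd and group and placed directly after "files" or "compat". The function names and the second sample file are constructed for illustration.</p>

```python
import re

DATABASES = ("hosts", "passwd", "group")   # lines the manual says need "mymachines"
LOCAL_SOURCES = ("files", "compat")        # entries that must come directly before it

# The example configuration from this page (only the relevant lines).
PAGE_EXAMPLE = """\
passwd:         compat mymachines systemd
group:          compat mymachines systemd
shadow:         compat
hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
"""

# Constructed counter-example: passwd lacks the module, hosts asks DNS first.
MISORDERED = """\
passwd:         compat systemd
group:          compat mymachines systemd
hosts:          dns mymachines files   # DNS is consulted before local data
"""


def parse_nsswitch(text):
    """Return {database: [service, ...]} without comments or [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, sources = line.split(":", 1)
        table[database.strip()] = re.sub(r"\[[^\]]*\]", " ", sources).split()
    return table


def audit_mymachines(text):
    """List deviations from the placement this page recommends."""
    table = parse_nsswitch(text)
    findings = []
    for db in DATABASES:
        services = table.get(db, [])
        if "mymachines" not in services:
            findings.append(f"{db}: mymachines is not enabled")
        elif services.index("mymachines") == 0 or \
                services[services.index("mymachines") - 1] not in LOCAL_SOURCES:
            findings.append(f"{db}: mymachines does not directly follow files/compat")
    return findings


if __name__ == "__main__":
    for name, conf in (("page example", PAGE_EXAMPLE), ("misordered", MISORDERED)):
        print(name, "->", audit_mymachines(conf) or "OK")
```
<p>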
    </p></div></div></body></html>
